Most effective way to remove malware, adware, spyware, etc?

[mister_tu]

So, I was downloading some music albums from a site and got this stupid SWP2009 demo malware. It keeps popping up saying that I have a virus and for me to buy some software. I searched online and there were some links on some removal tools which I downloaded but seems to do nothing.

Anyone know of anyone good FREE software I can use to remove this thing? It's so annoying.

Btw, I was downloading Kid Cudi's mixtape, "A kid named Cudi" - definitely a good listen.

[red_nose]

http://www.removeonline.com/remove-s...-instructions/


Symptoms of Spyware Protect 2009

Pop up balloon warning messages claiming that your PC is infected.


"Critical System Error",
"Your computer is infected",
Hijacked homepage to swp2009.com, spyprotect2009.com, sp-protect2009.com or obscure webpage.
Flashing icons appear on your system tray (Near of your system clock).
Manual Removal Process:
Search and kill the following processes

sysguard.exe, sysguardn.exe

Remove Spyware Protect 2009 files & folders

sysguard.exe
sysguardn.exe
Uninstall Spyware Protect 2009.lnk

Remove/Modify corrupt Registry Entries

HKEY_CURRENT_USER\Software\Spyware Protect 2009
sysguard.exe
sysguardn.exe

[dreamcar=rs4]

Does spyware/adware exist on macs? My computers been really slow lately and I've deleted a bunch of stuff

[KyleA4Play]

i use AVG from download.com, try running that, then a system restore to say yesterday when it wasnt full of virus'

[Grenade]

run malwarebytes and then combofix.

[davis449]

run malwarebytes and then combofix.

Malwarebytes is the shit!

[nnnick]

malware bytes is what I recommend, it works really well.

http://malwarebytes.org/

[djwimbo]

I use Avast, it's always been good to me.

[scot_w]

It is much easier to clean boot or boot in safe mode to get rid of most malware. Turn off system restore so the computer does not keep reinfecting itself. Then delete all files in your temp directories (including the user account temp folders and temp Internet folders). Following is just one of many examples of removal instructions.

How to remove Swp2009 manually:
Manual removal of Swp 2009 is feasible if you have sufficient expertise in working with program files, system processes, .dll files and registry entries.

The files to be deleted are listed below:

* %WINDOWS%\aazalirt.exe
* %WINDOWS%\dkekkrkska.exe
* %WINDOWS%\dkewiizkjdks.exe
* %WINDOWS%\iddqdops.exe
* %WINDOWS%\ienotas.exe
* %WINDOWS%\iqmcnoeqz.exe
* %WINDOWS%\irprokwks.exe
* %WINDOWS%\jikglond.exe
* %WINDOWS%\jiklagka.exe
* %WINDOWS%\jrjakdsd.exe
* %WINDOWS%\jungertab.exe
* %WINDOWS%\kitiiwhaas.exe
* %WINDOWS%\kkwknrbsggeg.exe
* %WINDOWS%\klopnidret.exe
* %WINDOWS%\krkdkdkee.exe
* %WINDOWS%\krkmahejdk.exe
* %WINDOWS%\krtawefg.exe
* %WINDOWS%\krujmmwlrra.exe
* %WINDOWS%\ktknamwerr.exe
* %WINDOWS%\kuruhccdsdd.exe
* %WINDOWS%\ooorjaas.exe
* %WINDOWS%\oranerkka.exe
* %WINDOWS%\oropbbsee.exe
* %WINDOWS%\ronitfst.exe
* %WINDOWS%\seeukluba.exe
* %WINDOWS%\skaaanret.exe
* %WINDOWS%\sysguardn.exe
* %WINDOWS%\tobmygers.exe
* %WINDOWS%\tobykke.exe
* %WINDOWS%\zibaglertz.exe
* %WINDOWS%\otnnbektre.exe
* %WINDOWS%\otowjdseww.exe
* %WINDOWS%\otpeppggq.exe
* %WINDOWS%\rkaskssd.exe
* Spyware Protect 2009.lnk
* Uninstall Spyware Protect 2009.lnk

The associated registry entries to be removed are as follows:

* HKEY_CURRENT_USER\Software\AvScan
*
* HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run “sysguardn�

[mister_tu]

People using malware-bytes, does it actually remove the malware or just detect it?

Scot_w - I'm not quite familiar on the procedure you listed. Is this something I should perform if I don't feel comfortable? Am I just deleting files through the windows explorer? How do I turn the system restore off?

[davis449]

People using malware-bytes, does it actually remove the malware or just detect it?

Scot_w - I'm not quite familiar on the procedure you listed. Is this something I should perform if I don't feel comfortable? Am I just deleting files through the windows explorer? How do I turn the system restore off?

It removes the shit!

[scot_w]

Scot_w - I'm not quite familiar on the procedure you listed. Is this something I should perform if I don't feel comfortable?

If you are not comfortable with my directions you are better off with an automatic tool like MalwareBytes (not sure what the difference is between the free and paid version) or the Microsoft Malicious Software Removal Tool or whatever other tool you choose.

Just out of curiosity what anti-virus/anti-malware tools do you currently use to protect your computer that allowed SWP2009 to get installed in the first place?

[mister_tu]

If you are not comfortable with my directions you are better off with an automatic tool like MalwareBytes (not sure what the difference is between the free and paid version) or the Microsoft Malicious Software Removal Tool or whatever other tool you choose.

Just out of curiosity what anti-virus/anti-malware tools do you currently use to protect your computer that allowed SWP2009 to get installed in the first place?

I dont have any, just an antivirus program (mcafee). This is a company computer, so I didn't really consider it until now.

[mister_tu]

Used malwarebytes and 4 hrs later...EUREKA!!! thanks, guys! I know I can always count on you guys.

[scot_w]

Good deal. Aside from getting protected you may want to run something like Glary Utilities (you can get this from download.com) to clean up your Registry and temp files.

[doobiesdaddy]

Does spyware/adware exist on macs? My computers been really slow lately and I've deleted a bunch of stuff

Are you running Little Snitch?
http://www.obdev.at/products/littlesnitch/index.html

[beegeezy]

http://www.youtube.com/watch?v=G2i_6j55bS0

[MattzWarsteiner]

Another method for anyone infected with this is to run a batch file.

Using Scot_w's published list for this bug:

del aazalirt.exe
del dkekkrkska.exe
del dkewiizkjdks.exe
del iddqdops.exe
del ienotas.exe
del iqmcnoeqz.exe
del irprokwks.exe
del jikglond.exe
del jiklagka.exe
del jrjakdsd.exe
del jungertab.exe
del kitiiwhaas.exe
del kkwknrbsggeg.exe
del klopnidret.exe
del krkdkdkee.exe
del krkmahejdk.exe
del krtawefg.exe
del krujmmwlrra.exe
del ktknamwerr.exe
del kuruhccdsdd.exe
del ooorjaas.exe
del oranerkka.exe
del oropbbsee.exe
del ronitfst.exe
del seeukluba.exe
del skaaanret.exe
del sysguardn.exe
del tobmygers.exe
del tobykke.exe
del zibaglertz.exe
del otnnbektre.exe
del otowjdseww.exe
del otpeppggq.exe
del rkaskssd.exe

Copy & Paste the above into notepad. Save it as kill.bat.
Open Windows Explorer. Type in the address bar %Windows% and hit enter
Copy kill.bat here. Click it. Boom. All gone.

Something not mentioned previously, this may need
to be accomplished in safe mode if any of the spyware files listed are currently running.



Easy way to delete a fouled registry key:
(Windows XP)

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\AvScan]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run]
“sysguardn”=-

Copy and paste the above into Notepad. Save it as a .reg file*.
Click. Boom. Registry keys deleted.

*Note you must have the show file extensions option disabled in folder options:
My Computer > Tools > Folder Options
VIEW Tab
Uncheck box marked "Hide extensions for known file types"
Click OK.

[voodooA4]

Consider buying Malwarebytes if you are prone to getting adware/spyware...I've used the free version a ton to get crap off of people's computers, but the paid version ($20, I think) has some kind of real-time protection thing that will keep it from installing itself in the first place (proactive instead of reactive).

[OverSpun]

most effective way is to get a mac. whats malware or adware? I have none of that.

:D

[MattzWarsteiner]

^ I'm psychic. I knew what your advice would be Overspun.

[mister_tu]

most effective way is to get a mac. whats malware or adware? I have none of that.

:D

But than I would have to like Sushi...I kid, I kid.

[almaster666]

best anti-adware/spyware is spybot search and destroy
+ it's free and has updates every week

[voodooA4]

most effective way is to get a mac. whats malware or adware? I have none of that.

:D

http://www.macfixit.com/article.php?...90612091219496

best anti-adware/spyware is spybot search and destroy
+ it's free and has updates every week

False (IMO)...I've tried pretty much everything, since as a "computer guy" I always get asked to fix people's computers after they've gotten some spyware...and I really haven't found anything better than Malwarebytes yet. Also, I'm pretty sure it gets update every day or every other day, if you look at the date on the definitions file.

[Hassmeister]

Does spyware/adware exist on macs? My computers been really slow lately and I've deleted a bunch of stuff

Mac's don't need a thing. They don't get viruses or the above mentioned stuff.

[JMG]

The BEST way to get rid of spyware and malware as well as improve performance and reliability is to REFORMAT and REINSTALL. I do this twice a year on my windows machine.

[MattzWarsteiner]

^ This is very true. Spyware & Malware can damage IE and other parts
of Windows. Sometimes it is never quite right after the infection.

Many bits of malware are set up to download their friends so
you could have some bot or trojan that has an unremarkable signature
and it may be laying in wait.

[onkloud9]

The BEST way to get rid of spyware and malware as well as improve performance and reliability is to REFORMAT and REINSTALL. I do this twice a year on my windows machine.

Yup. Reimage/restore is the way to go, granted you have a reliable restore point.

[JMG]

Yup. Reimage/restore is the way to go, granted you have a reliable restore point.

I don't even bother with restore points. I keep the "My Documents" with all my data in a separate drive altogether, so really, windows and all my apps live on it's own drive. I just backup my mail and bookmarks to the other drive then do the reformat and reinstall then reimport those backups.

[voodooA4]

Another (easier in some senses) way to stop viruses/malware from getting on the computer is to lock it down (i.e. don't use it for normal use under an Administrator account, and give the 'normal' username minimal permissions to install stuff or write to folders).

If you have a separate drive to keep your documents and such on, you could also get something like Deep Freeze (google it), which basically makes it so that every time you turn on the computer, it automatically starts up at a sort of 'restore point', so anything that's been installed or changed since the last reboot gets wiped out.

[MattzWarsteiner]

^ Lock down, aka Vista's method.